Date: 20 Dec 2002 11:14:18 +1000
From: Duncan Anker <d.anker@au.darkbluesea.com>
To: freebsd-questions@freebsd.org
Subject: [Fwd: Re: NFS Reserved Port Only?]
Message-ID: <1040346858.6585.34.camel@duncan.au.darkbluesea.com>
Probably intended for the list

-----Forwarded Message-----

> For the purpose of answering my own question if someone is reading
> through the old posts the unprivileged port because of NAT was solved by
> adding the -n option to mountd.
>
> Although I find it kind of interesting that the documentation says this
> clears the nfs_privport sysctl flag but you can't allow it by clearing
> the flag yourself.

I didn't find that flag - however I found that clearing the sysctl flag did work. Odd.

>
> Ryan
>
> On Thu, 2002-12-19 at 18:57, Duncan Anker wrote:
> > On Fri, 2002-12-20 at 03:59, Ryan Sommers wrote:
> > > Does nfs_reserved_port_only really make NFS that much more secure? Or is
> > > this more of a deprecated option.
> >
> > Doesn't really help. It's slightly more secure in an environment where
> > you don't fully trust your users, but all it does is require the
> > connection to come from a privileged port. Since any script kiddie can
> > stick a Linux or *BSD box on the net with root access, it really doesn't
> > help secure against the sort of attacks you'd want to secure against.
> >
> > I have found this option is nothing more than annoying (my NFS monitor
> > won't use a privileged port, for example) so I leave it off.
> >
> > As far as the rest of your NFS privilege problems go, you may need to
> > mount the filesystem with TCP. I'm not sure how NFS works with NAT, but
> > I had some issues with this. Alternatively, if you have multiple IP
> > addresses on one interface, you need to explicitly tell nfsd which ones
> > to bind to, as wildcarding doesn't work with UDP.
> >
> > HTH
> > Duncan Anker